import boto3

def back_export_ecs_task(cluster_name, service_name):
    ecs = boto3.client('ecs')

    # Get the current task definition ARN
    response = ecs.describe_services(cluster=cluster_name, services=[service_name])
    task_definition_arn = response['services'][0]['taskDefinition']
    # Export the current task definition
    response = ecs.describe_task_definition(taskDefinition=task_definition_arn)
    task_definition = response['taskDefinition']
    # Delete invalid fields from dictionary
    for field in ['taskDefinitionArn','revision','volumes','status','requiresAttributes','placementConstraints','compatibilities','registeredAt','registeredBy']:
        del task_definition[f'{field}']
    for container in task_definition['containerDefinitions']:
        if container['name'].__contains__(service_name):
            container['entryPoint'] = ['sh', '-c']
            container['environment'] = []
            container['volumesFrom'] = []
    del task_definition['containerDefinitions'][0]['linuxParameters']
    del task_definition['containerDefinitions'][0]['dependsOn']
    task_definition['containerDefinitions'] = [d for d in task_definition['containerDefinitions'] if d['name'] != 'TwistlockDefender']
    return task_definition

def update_ecs(cluster_name, service_name, task_definition):
    ecs = boto3.client('ecs')
    response = ecs.register_task_definition(**task_definition)
    task_definition_arn = response['taskDefinition']['taskDefinitionArn']

    # Update the service to use the new task definition
    response = ecs.update_service(cluster=cluster_name, service=service_name, taskDefinition=task_definition_arn)
    print(f"{service_name} detach twistlock_defender success")

def judge_twistlock_defender(cluster_name, service_name, region_name=None):
    # Create ECS client
    ecs_client = boto3.client('ecs', region_name=region_name)

    # Get the service's task definition
    response = ecs_client.describe_services(cluster=cluster_name, services=[service_name])
    task_definition_arn = response['services'][0]['taskDefinition']

    # Get the task definition's detailed information
    response = ecs_client.describe_task_definition(taskDefinition=task_definition_arn)
    task_definition = response['taskDefinition']

    # Check if TwistlockDefender container exists in the task definition
    containers = task_definition['containerDefinitions']
    twistlock_defender_found = any(container['name'] == 'TwistlockDefender' for container in containers)

    return twistlock_defender_found

def get_service_names(cluster_name, region_name=None):
    # Create ECS client
    ecs_client = boto3.client('ecs', region_name=region_name)

    # Paginate to get service names
    next_token = None
    service_names = []

    while True:
        # Get one page of service information
        if next_token:
            response = ecs_client.list_services(cluster=cluster_name, nextToken=next_token)
        else:
            response = ecs_client.list_services(cluster=cluster_name)
        services = response['serviceArns']

        # Filter service names
        for service in services:
            service_name = service.split('/')[-1]
            service_names.append(service_name)

        # Check if there is a next page
        if 'nextToken' in response:
            next_token = response['nextToken']
        else:
            break

    return service_names

def main():
    cluster_name = 'test' #输入ecs集群名称，也可以批量获取
    service_names = get_service_names(cluster_name)
    for service_name in service_names:
        value = judge_twistlock_defender(cluster_name, service_name, region_name=None)
        if value:
            task = back_export_ecs_task(cluster_name, service_name)
            try:
                update_ecs(cluster_name, service_name, task)
            except Exception as e:
                print("service_name  error", service_name, e)

main()